I’m security testing a website. My question is whether you can view where POSTDATA is being written to, and if so, how?
For example a site might have this as their post.php:
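    // Open the log file in append mode so earlier submissions are kept.
    $handle = fopen("filename.txt", "a");
    // Write every POST field as a "name=value" line.
    foreach ($_POST as $variable => $value) {
        fwrite($handle, $variable);
        fwrite($handle, "=");
        fwrite($handle, $value);
        fwrite($handle, "\r\n");
    }
    fclose($handle);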
What I am attempting to view is what the name of the txt file is. In this case it is, of course, filename. But I need to first view the PHP to find what the txt file name is. On the website I am testing I do not know the name of the txt file, as the name of the txt file is what I am trying to find.
I have tried doing curl -O sitename.com/postscript.php in terminal, but it returns 302.
How can I find the name of the txt file? (using any method)
All help is very much appreciated.
Update: I know for certain that the postdata is being saved to a php file on the root directory.
I’m fairly certain you can’t find the text file. You can, however, track the POST request and see which data is being sent where. Check that out in the network tab of Chrome Developer Tools.
What you’ll notice is that you can see where the page is POSTing the data to be processed, but it has no way of knowing what the processing file does with the data.
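The same point from the site owner's side, as an added example that is not code from either post: a hardened variant of the question's post.php pattern, where the client only ever receives the HTTP response and the storage location is never reachable by URL. The log path, the `/thanks` redirect target and the function names are hypothetical.

```php
<?php
// Added example: hardened variant of the post.php pattern in the question.
// LOG_PATH is a hypothetical location outside the document root,
// so no URL on the site maps to it.
const LOG_PATH = '/var/lib/exampleapp/postdata.log';

// Encode one POST field as a single log-safe line.
function format_field(string $name, $value): string
{
    // Array fields (e.g. name[]=a) are flattened to JSON instead of "Array".
    if (is_array($value)) {
        $value = json_encode($value);
    }
    // rawurlencode escapes CR, LF and "=", so a value cannot forge extra records.
    return rawurlencode($name) . '=' . rawurlencode((string) $value) . "\n";
}

// Append all fields of one request to the log; returns false on write failure.
function log_post(array $post, string $path = LOG_PATH): bool
{
    $lines = '';
    foreach ($post as $name => $value) {
        $lines .= format_field((string) $name, $value);
    }
    if ($lines === '') {
        return true; // nothing to record
    }
    // LOCK_EX serialises concurrent requests; FILE_APPEND keeps earlier records.
    return file_put_contents($path, $lines, FILE_APPEND | LOCK_EX) !== false;
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!log_post($_POST)) {
        http_response_code(500);
        exit;
    }
    // The client sees only this redirect, never the file name or path.
    header('Location: /thanks', true, 303);
    exit;
}
```

Compared with the snippet in the question, the file lives outside the web root instead of next to the script, and field values are encoded before they are written.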